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Abstract: This report presents a formalisation of Sylow's theorems done in COQ. The 
formalisation has been done in a couple of weeks on top of Georges Gonthier's SSREFLECT [2J. 
There were two ideas behind formalising Sylow's theorems. The first one was to get familiar 
with Georges way of doing proofs. The second one was to contribute to the collective effort 
to formalise a large subset of group theory in COQ with some non-trivial proofs. 
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Formalisation des theoremes de Sylow dans Coq 



Resume : Ce rapport prcsente une formalisation des theoremes de Sylow faite dans le sys- 
teme COQ. La formalisation s'est faite en deux semaines au dessus de la librairie SSREFLECT 
de Georges Gonthier. II y avait deux principales motivations pour formaliser les theoremes 
de Sylow. La premiere etait de se familiariser avec la fagon qu'a Georges de faire des preuves. 
La seconde etait de contribuer a l'effort collectif de formaliser un large ensemble de la theorie 
des groupes en COQ. 

Mots-cles : Theorie des groupes, Theoreme de Sylow, Formalisation des mathematiques 
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1 Introduction 

Sylow's theorems are central in group theory. Any course has a section or a chapter on 
them. Taking them as a first step in an effort to formalise group theory seemed a good 
idea. One of these theorems is number 72 in the list of the 100 theorems j4] maintained by 
Freek Wiedijk. Surprisingly, only one formalisation is known. It has been done in Isabelle by 
Florian Kammiiller [3j . The proof that has been formalised in Isabelle is due to Wielandt [5] . 
It is a very concise and elegant proof. A central step in the proof is a non-trivial combinatorial 
argument that is used to show the existence of a group with a particular property. This is not 
the proof we have chosen to formalise. As we are interested in formalising Sylow's theorems 
not only as a mere exercise but as a base for further development, conciseness is nice but 
reusability is much more important. We have chosen to follow the proof given by Gregory 
Constantine pQ in his group theory course. It has the nice property of using one main tool, 
namely group actions, to prove most of the key results. The combinatorial argument that 
was present in the proof of Wielandt is then reduced to a minimum. Most of our formalising 
time has then been spent proving theorems about groups not about numbers. 

The presentation of this work is organised as follows. In a first section, we describe what 
we started from. The main points we want to address are how SSREFLECT is organised and 
how using this dedicated version of COQ differs from using the standard one. In a second 
section, we outline the main steps of our proofs. Then, in a last section we conclude. 

2 From types with decidable equality to finite types 
2.1 Types with decidable equalitiy 

One of the key decision of SSREFLECT is to base the development on objects not in Type but 
in eqType, i.e objects for which equality is decidable. 

Structure eqType : Type : = EqType { 
sort :> Set; 

eq : sort -> sort -> bool; 
eqP : forall x y, reflect (x = y) (eq x y) 

}. 

eq is the function that decides equality and eqP the theorem that insures that (eq x y), 
written in the following as x == y, is true iff x = y. We call this the adequacy of equality. 

Adding decidability on objects has the nice consequence to equate the type bool, the 
booleans, with the type Prop, the propositions. Of course, these two types are not identified 
since we are completely compatible with the standard way of doing proofs in COQ. Still, 
an inductive relation reflect of type Prop -> bool -> Type holds all the information to 
coerce one into the other. 

In practice, booleans are always privileged with respect to propositions. For this, the 
coercion is_true from booleans to propositions is used. 

Coercion is_true b := b = true. 
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As an example, let us consider equality and conjunction. Instead of stating a conjunction of 
two equalities as x = y /\ z = t, we prefer writing it using booleans as x == y && z == 
t. This simple modification gives a classical flavour to the usually intuitionistic prover COQ. 
Moreover, proof scripts become more similar to the ones of other systems like Hol. In par- 
ticular, as booleans accommodate the substitutivity property, rewriting becomes the tactic 
number one. This reflection between bool and Prop is supported by the tactic language 
with the so-called views. As an example, consider the reflection over conjunction which is 
represented by the theorem andP 

Theorem andP: forall bl b2 : bool, reflect (bl A b2) (bl kk b2) . 

Suppose now that we have to prove the following goal x == y kk z == t. In order to split 
this goal into two subgoals, we use a combination of two tactics: (apply/andP; split). 
The first tactic converts the kk into a A , the second tactic can then perform the splitting. 
Similarly for an hypothesis, if the goal is x == y kk z == t -> A for an arbitrary A, the 
tactic (move/andP ; case) performs the convertion and the destructuring. Note that we 
can do even shorter combining view and case: case/andP. 

Some standard operations are defined on eqType. For example, it is possible to build the 
set of pairs of objects. The construction is the following: 

Structure eq_pair (di d2 : eqType) : Type := EqPair { 
eq_pii : di ; 
eq_pi 2 : d 2 

}. 

Definition pair_eq (di d 2 : eqType) (u v: eq_pair di d 2 ):bool: = 
let EqPair xi x 2 : = u in 

let EqPair yi y 2 := v in (xi == yi) kk (x 2 == y 2 ) . 

Once the adequacy of the equality is proved, we can build the expected type with decid- 
able equality. This is represented by the function prod_eqType with the following type 
prod_eqType: eqType -> eqType -> eqType. 

2.2 Sets 

Sets are represented by their indicator function: 
Definition set (d: eqType) := d -> bool. 
For example, the constructor of a singleton is defined as 
Definition setl x := fun y => (y == x) . 

A key construction is the one that allows to build a type di with decidable equality from a 
set A whose carrier is a type d with decidable equality. This is done using the constructor 
sub_eqType: 

sub_eqType: forall d: eqType, set d -> eqType. 

di is then (sub_eqType d A) and elements of di are composed of elements of d and a proof 
that they belong to A. 
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Structure eq_sig (d: eqType) (A: set d) : Set := EqSig { 
val : d ; 
valP: A val 

}. 

Equality then only checks the first elements of the two records. As sets are represented as 
indicators, this equality is adequate (there is only one proof of x = true). Over sets, there 
is also the usual extensional equality, i.e. Ai =1 A 2 iff Ai x == A 2 x for all x. 

2.3 Sequence 

Sequences are represented in a standard way 

Inductive seq (d: eqType): Type := SeqO I Adds (x : d) (s : seq d) . 

Sequences are equipped with all the basic operations. In the following, we are going to use 
two of these operations: size, count, size gives the number of elements of a sequence, 
count returns the number of elements of a set inside a sequence. 

2.4 Finite type 

The last construction before defining groups is the one for creating finite types. A finite type 
is composed of a type sort with decidable equality, its sequence of elements and a proof 
that the sequence contains each element of sort once and only once. 

Structure finType: Type := FinSet { 
sort : > eqType ; 
enum : seq sort ; 
enumP : forall x, count (setl x) enum = 1 

}. 

Note that this encoding of finite sets gives for free an order on the elements of the finite set, 
i.e. the index of its occurrence in the sequence. The cardinality of a set A over a finite type 
S is defined as (count A (enum S)). It is written in the following as (card A). 

3 From finite groups to Sylow's theorems 
3.1 Finite group, coset and subgroup 

A finite group contains a finite set, an unit element, an inverse function and a multiplication 
with the usual properties. 

Structure finGroup : Type := Finite { 
element : > f inType ; 
unit : element ; 
inv : element -> element ; 
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element -> element -> element ; 
forall x, mul unit x = x; 
forall x, mul (inv x) x = unit; 

forall xl x2 x3, mul xl (mul x2 x3) = mul (mul xl x2) x3 



unitP 
invP 
mulP 



}. 



Given a multiplicative finite group G and x, y two elements of G, 1 is encoded as (unit 
G), x _1 as (inv G x), and xy as (mul G x y). Given a finite group G, a set H of G and an 
element a of G, the left coset aH (the right coset Ha) is the set of the elements ax (respectively 
the set of elements xa) for all x in H. As we have x in aH iff a _1 x is in H (respectively x in 
Ha iff xa -1 is in H), we have the following definitions: 

Definition lcoset H a: set G := fun x => H (a _1 x) . 
Definition rcoset H a: set G := fun x => H (xa ) . 

The function x ^ ax is a bijection between H and aH, so both sets have same cardinality. 
Furthermore, every coset aH can be represented by a canonical element a such that aH =1 bH 
iff a == b. Technically, a is encoded as (root (lcoset H) a), which is the first element in 
the sequence of the finite set that belongs to aH. 

Subgroups are not defined as structures but as sets. Their definition is a bit intricate. 
The idea is to say that a set H is a subgroup if it is not empty, and if x and y are in H so 
is xy -1 . This is sufficient. Since if H is non empty, it contains at least an element z, so we 
have zz -1 == 1 belongs to H. Also, for all x in H, lx _1 == x _1 also belongs to H. Finally, if 
x and y belongs to H, we have y _1 belongs to H, so is x(y -1 ) -1 == xy. In our definition, 1 
is used as a witness of non-emptiness. For the second condition, we rewrite it as "if x is in 
H then H is included in Hx". 

Definition subgrp H := 

H 1 It subset H (fun x => subset H (rcoset H x) ) . 

where (subset Hi H 2 ) is true iff for all x in Hi, x is also in H 2 . In this definition, G is given 
implicitly since the type of H is (set G). This definition is of little use for proving that a 
set is a subgroup. As we are in a finite setting, a much more practical characterisation of a 
subgroup is that it is a non-empty set that is stable by multiplication. This is represented 
in our development by the theorem f instbl_sbgrp: 

Lemma f instbl_sbgrp : forall G (H : set G) (a : G) , 

H a -> (forall xy, Hx->Hy->H (xy)) -> subgrp H. 

If H is a subgroup, its left cosets partition G: if z is in the intersection aH and bH, there exist 
hi and h 2 such that ah i == z == b h 2 , we get a == b(h 2 hi _1 ) and b == a(hih 2 _1 ), so aH 
=i bH. We denote (lindex H) the number of canonical elements. We then get that card G = 
lindex H * card H. As in our development groups and subgroups differ in nature, groups 
hold the carrier while subgroups are only indicators, it is preferable to state Lagrange's 
theorem at the level of subgroups: 

Theorem lLaGrange : 
forall G (H K: set G) , 

subgrp H -> subgrp K -> subset H K => card H * lindex H K = card K. 
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Now, lindex H K denotes the number of coset of H with respect to K. Note that we can 
always get back to the usual statement, using the fact that G is a subgroup of itself. 

3.2 Conjugate, normaliser and normal subgroub 

Normal subgroups are needed for the proof of Sylow's theorem. In order to define them, we 
first define the conjugate operation. 

Definition y x := x _1 yx. 

Then, given an arbitrary element x and an arbitrary set H the conjugate set xHx -1 is defined 
as follows: 

Definition conjsg H x := fun y => H y x . 

y is in xHx -1 iff x _1 yx is in H. We arc now ready to define the notion of normal subgroup. 
H is normal in K iff for all clement x in K, xHx -1 =1 H. It is in fact sufficient to require that H 
is included in xHx" 1 as both sets have same cardinality. This gives the following definition: 

Definition normal H K := subset K (fun x => subset H (conjsg H x) ) . 

Later in the proof of the first Sylow's theorem we use the property that the quotient of 
a group by a normal subgroup is a group. This is a direct consequence of normality that 
imposes that the operation of the group behaves well with respect to cosets. The quotient 
group is represented in our development by the group RG composed with the roots of G with 
respect to the left coset relation. 

Given a subgroup H, it is possible to build its normaliser, the set of all x in K such that 
xHx -1 = H as: 

Definition normaliser H K x := 

(subset K (fun z => (conjsg H x z == H z))) && K x. 

By definition, we have that H is normal in (normaliser H K). This is the theorem nor- 
maliser_normal: 

Lemma normaliser_normal : 

f orall G (H K : set G) , subset H K -> normal H (normaliser H K) . 

3.3 Group actions 

Group actions are the key construction for our final theorems. To define an action, we need 
a group G, a subgroup H and a finite set S. This is written in our development as: 

Variable G : finGroup. 
Variable H : set G. 
Hypothesis sgrp_H: subgrp H. 
Variable S : finType. 

An action to is a homomorphism from H to the permutations of S (the bijections from S to 
S). This is defined as: 
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Variable to: G -> (S -> S) . 

Hypothesis to_bi j : forall x, H x -> bijective (to x) . 

Hypothesis to_morph: forall (x y: G) z, 

H x -> H y -> to (xy) z = to x (to y z) . 

where the predicate bijective indicates that the function is a bijection. Note that we have 
arbitrary chosen to define our action to on G and only require the properties of homomor- 
phism and permutation to hold for elements of H. 

For an clement a of S, we define its orbit as all the elements of S that can be reached 
from a by the function to. In other words, it is the image of H by the function that given 
an x in G associates (to x a). 

Definition orbit a := image (fun x => to x a) H. 

We can partition S using the orbits. A key property of group action comes with the notion 
of stabiliser. Given an element a of S, we call its stabiliser the set of all the elements x of H 
that leave a unchanged by the function to x. Formally this gives 

Definition stabiliser a := fun x => (((to x a) == a)) && (H x)). 

The stabiliser is clearly a subgroup of H but the key property is that the cardinal of the orbit 
of a and the index of the stabiliser of a are equal. 

Lemma card_orbit: forall a, card (orbit a) = lindex (stabiliser a) H. 

to see this we just have to notice that we have (to x a) =d (to y a) iff x _1 y is in (sta- 
biliser a). For this, we write (to y a) as (to x (to (x _1 y) a) )) and use the fact that 
to is injective. 

In the particular case where H has cardinality p a with p prime, as orbits partition S and 
their cardinality is an index, Lagrange's theorem gives us that these orbits are of cardinality 
p 13 with < a. Now, if wc collect in the set So all the elements of S whose orbit has 
cardinality 1 = p°, i.e elements that are in the stabiliser of every element of H: 

Definition So a := subset H (stabiliser a). 

we get our central lemma 

Lemma mpl : (card S) '/, p = (card So) "L p. 

where °h is the usual modulo operation. All the orbits of cardinality p 13 with < (3 < a 
cancel out in the modulo. 

3.4 Cauchy's theorem 

The proof of the first Sylow theorem is an inductive proof. Cauchy's theorem solves the base 
case. This theorem states that if a prime p divides the cardinality of a group, then there 
exists a subgroup of cardinality p. More precisely, there exists an element a, such that its 
cyclic group, i.e. the set of all the a 1 , is of cardinality p. As we did for Lagrange's, we state 
this theorem at the level of subgroups. We take H a subgroup of G and a prime p that divides 
the cardinality of H. We first consider H p_1 the cartesian product H x . . . x H . An clement x 

p-i 
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of HP" 1 is written as (h , . . . , h p _ 2 ). We have (card W' 1 ) = (card H)?" 1 . We define 
H* a subset of H p as the image of H p_1 by the function 

(h , h p _ 2 ) i-> ((nr=o 2h ») _1 ' h o, h p _ 2 ). 

Clearly, we have (card H*) = (card H) p_1 and every element (h , h p _i) of H p such 

that nCo h 4 = 1 is in H*. Now we consider the additive group Z p and the action to from 
Ij p to H* defined as 

n { (h 0) hi..., h p _i) I ► (h(0+n)%p> n (l+n)%p > • • • » n (p-i+n)% P ) ^ 

Now, if we look at the set So of the elements of orbit with cardinality 1. We can easily prove 
that So is composed of the elements (h, . . . , h) such that h p = 1. In one direction, such 
elements clearly belong to So since they are left unchanged by any permutation of indexes. 
Conversely, if an element x belongs to So, in particular (to 1 x) is equal to x. So, if we 
write x as (h , . . . , h p _i) , this means (h , . . . , h p _i) is equal to (hi , . . . , h ) which 
in turn implies that ho is equal to hi , hi is equal to h 2 and so on. Now, the mpl lemma tells 
us that (card H*) °/ p = (card So) 7. p, but the cardinality of H* is divisible by p so we 
can conclude that the cardinality of So is also divisible by p. As, p > 2, this means that 
there exists at least one element a different from 1 in So- For this element, we have a p = 1. 
We have that the cardinality of the cyclic group of a divides p but as p is prime and a is 
different of 1, the cardinality of its cyclic group is then exactly p. The exact statement of 
Cauchy's theorem in our development is 

Theorem cauchy: forall G, (H : set G) p, 
subgrp H -> prime p -> p I (card h) -> 
exists a, H a && (card (cyclic a) == p) . 

where I denotes the divisibility and cyclic builds the cyclic group of an element. 
3.5 Sylow's theorems 

The first Sylow theorem tells us that if G is a group and K is a subgroup of G of cardinality 
p n s with p prime and p, s relatively prime, then there exists a subgroup of K of cardinality 
p n . Such a subgroup of maximal cardinality in p is called a Sylow p subgroup. It is defined 
in our development as 

Definition sylow K p H:= 

subgrpb H && subset H K && card H == expn p (dlogn p (card K) ) . 

where expn is the exponential function and dlogn is the divisor logarithm, i.c (dlogn p u) 
is the maximal power of p that divides u. 

The proof of the first Sylow theorem is done by induction. We are going to prove that 
for alH, < i < n, there exists a subgroup of cardinality p l . For i = 1, the existence is 
given by Cauchy's theorem. Now, suppose that there exists a subgroup H of cardinality p l , 
we are going to prove that there exists a subgroup L of cardinality p l+1 . We are acting by 
left translation with H on the left cosets of H with respect to K as follows: 

x i — ► { yH i — ► (xy)H } 
The mpl lemma gives us (card So) °/ p = (lindex H K) °/„ p. But by Lagrange's theorem 
we know that (lindex H K) is equal to p n ~ l s. As i < n, we can conclude that the cardinal 
of Sq is divisible by p. Now, if we look at the cosets that are in Sq. They are the yH such that 
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(xy)H = yH for all x in H. This corresponds to y _1 Hy = H so y is in (normaliser H K). So, 
we can deduce that (card So) = (lindex H (normaliser H K)). This means that if we 
take the quotient of the normaliser (normaliser H K) by H, this is a group (H is normal in 
its normaliser) and its cardinality which is (lindex H (normaliser H K) ) is divisible by p. 
We can then apply Cauchy's theorem and get the existence of a subgroup Li of cardinality p 
in the quotient. Taking the inverse image of Li by the quotient operation, we get a subgroup 
L of G whose cardinality is card Li * card H = p p 1 = p 4+1 . This ends the proof of the 
first Sylow theorem. The exact formal statement of this theorem is the following: 

Theorem sylowl_cor: forall G (K: set G) p, 

subgrp K -> prime p -> < dlogn p (card K) -> 
exists H : set G, sylow K p H. 

The second Sylow theorem says that two Sylow p subgroups Li and L 2 of K are conjugate. 
For the proof, we act by left translation with L 2 on the left coset of Li. By the mpl lemma, 
we know the (card So) 7» p = (lindex Li K) % p. As Li is a Sylow p group, we have by 
Lagrange's theorem that (lindex Li K) is equal to s, so is not divisible by p. This means 
that (card So) is not divisible by p, so there exists an x in K such that xLi is in S . But for 
this x, we know that for all y in L 2 , (yx)Li = xLi, this means that L 2 is included in xLix -1 . 
As both sets have same cardinality, we have L 2 =1 xLix -1 . The exact formal statement of 
this theorem is the following: 

Theorem sylow2_cor: forall G (K: set G) p Li L2 , 
subgrp K -> prime p -> < dlogn p (card K) -> 
sylow K p Li -> sylow K p L2 -> 

exists x : G, K x /\ L2 =1 conjsg Li x. 

The third Sylow theorem gives an indication on the number of Sylow p groups. It says 
that this number divides the cardinality of K and is equal to 1 modulo p. In order to count 
the number of Sylow p subgroup, we have to define the sylow subset of the power set of G 
as: 

Definition syset K p := fun (H: powerSet G) => sylow K p (subdE H) . 

Now, the first part of the third theorem that regards divisibility is proved acting with K on 
(syset K p) as follows: 
x 1 — ► { L 1 — ► xLx -1 } 

The second theorem tells us that all the elements of (syset K p) arc conjugate. So, from 
one Sylow p subgroup L we can reach any other by conjugation. This means that (syset K 
p) contains one single orbit. So, (card (syset K p)) = (card (orbit L) ). The theorem 
card_orbit tells us the card (orbit L) is equal to (lindex (stabiliser L) K). Using 
Lagrange's theorem, we get that it divides (card K) . The formal statement of the first part 
of the third Sylow theorem is the following: 

Theorem sylow3_div: forall G (K: set G) p, 

subgrp K -> prime p -> < dlogn p (card k) -> 
(card (syset K p)) I (card K) . 

For the second part, we consider H a Sylow p group for K. Wc act with H on (syset K 
p) by conjugation as before: 
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x i — ► { L i — ► xLx -1 } 

An element L is in So if xLx -1 =1 L for all x in H. This means that H is included in (nor- 
maliser L K). As we have (sylow K p H) , we have also (sylow (normaliser L K) p H) . 
This holds also for L, so we have (sylow (normaliser L K) p L) . The second theorem tells 
us that H and L are then conjugate in (normaliser L K). But as L is normal in its nor- 
maliser, this implies that H =1 L. So (card So) is equal to 1. If we apply the mpl lemma we 
get the expected result. The formal statement of the second part of the third Sylow theorem 
is the following: 

Theorem sylow3_mod: forall G (K: set G) p, 

subgrp K -> prime p -> < dlogn p (card k) -> 
(card (syset K p)) p = 1. 



4 Conclusion 

Formalising Sylow's theorems has been surprisingly smooth. One reason has to do with 
the fact that we have built our development on top of SSREFLECT. This base was used by 
Georges Gonthier for his proof of the four colour theorem. It has already been tested on a 
large development, so it is quite complete. The only basic construction we had to add is the 
power set. Another reason that made our life simpler is that we were working in a decidable 
fragment of the COQ logic. No philosophical issue about constructiveness slowed down our 
formalisation. Finally, Gregory Constantine's proof was perfect for our formalisation work. 
The only part of the formalisation that was ad-hoc was the construction of the set H*. It 
represents only 360 lines of the 3550 lines of the formalisation. The fact that this experiment 
was positive is clearly a good sign for further formalisations in group theory. 
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Module groups 

Structure finGroup: Type:— Finite { 
element:> finType; 
unit : element; 
inv : element — ► element; 
mul : element — > element — > element; 
unitP : Vx, ma/ «nz< a; = x; 
muP : Vx, m«I (ins x) x = ztnii; 

mulP : Vxi X2 X3, ttimZ xi (mul X2 X3) = rmtZ (mul X\ X2) X3 

}• 

Section Group Identities. 
Variable G: finGroup. 

Lemma mulgA: Vxi x 2 x 3 : G, Xi x (x 2 x x 3 ) = x\ x x 2 x x 3 . 

Lemma mullg: Vx: G, 1 x x = x. 

Lemma mulVg: Vx: G, x _1 x x = 1. 

Lemma mulg_invl: Vx: G, cancel (mulg x) (mulg x _1 ). 

Lemma mulg-injl: Vx: G, injective (mulg x). 

Lemma mulgl: Vx: G, x x 1 = x. 

Lemma invgl: 1 _1 = 1. 

Lemma mulgV: Vx: G, x x x _1 = 1. 

Lemma mulg_invr: Vx: G, monic (mulgr x) (mulgr x" 1 ). 

Lemma mulg_injr: Vx: G, injective (mulgr x). 

Lemma invg-inv: monic invg invg. 

Lemma invg-inj: injective invg. 

Lemma invg-mul: Vxi x 2 : G, (x 2 x xi) -1 = xi -1 x x 2 _1 . 
Lemma mulVg-invl: Vx: G, monic (mulg x _1 ) (mulg x). 
Lemma mulVg-invr: Vx, monic (mulgr x _1 ) (mulgr x). 
Theorem mulgsf. Va 6:G, (6 x a -1 ) x a = b. 
Theorem mulg_s 2 : Va 6:G, (6 x a) x a -1 = 6. 
End Groupldentities. 

Definition conjg (G: finGroup) (x y: G):= x _1 x y x x. 
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Section Conjugation. 
Variable G: finGroup. 

Lemma conjgE: Mx y: G, xV = y^ 1 x x x y. 
Lemma conjgl: conjg 1 =1 id. 
Lemma conjlg: Mx: G, l x = 1. 

Lemma conjg_mul: Mx\ x 2 y: G, (xi x a 2 )^ = x\U x a 2 ^. 

Lemma conjgJinvg: Mx y: G, (x^ 1 )^ = (x H)^ 1 . 

Lemma conjg_conj: Mx y\ y 2 : G, (a^ 1 )^ 2 = x^ 1 *^ 2 . 

Lemma conjgjinv: \fy: G, monic (conjg y) (conjg y~ l ). 

Lemma conjg_invV: My: G, monic (conjg y~ r ) (conjg y). 

Lemma conjgJinj: \/y: G, injective (conjg y). 

Definition conjg_fp (y x: G):— xV =d x. 

Definition commg (x y: G):= x x y = y x x. 

Lemma conjg_fpP: \fx y: G, reflect (commg x y) (conjg_fp y x). 

Lemma conjg_fp_sym: \/x y: G, conjg_fp x y — conjg_fp y x. 

End Conjugation. 

Section SubGroup. 

Variables (G: finGroup) (H: set G). 

Definition Icoset x: set G:— fun y => H (a -1 x y). 
Definition rcoset x: set G:= fun y =>• H (y x x^ 1 ). 

Definition subgrpb:— H 1 && subset H (fun x =4- subset H (rcoset a)). 

Definition subgrp: Prop:— subgrpb. 

Lemma subgrpP: reflect (H 1 A Va; y, H x — > H y — > rcoset x y) subgrpb. 

Hypothesis Hh: subgrp. 

Lemma subgrp 1: H 1. 

Lemma subgrpV: Mx, H x — > H x^ 1 . 

Lemma subgrpM: Mx y, H x — > H y — > H (x x y). 

Lemma subgrpMl: Va y, H x — > H (x x y) = H y. 

Lemma subgrpMr: Va y, H x — > H (y x x) = H y. 
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Lemma subgrpVl: Va;, H x^ 1 — ► H x. 
Definition subFinGroup: finGroup. 
End SubGroup. 

Lemma subgrp_of_group: VG: finGroup, subgrp G. 

Coercion subgrp-of-group: finGroup >-> subgrp. 

Section LaGrange. 

Variables (G: finGroup) (H: set G). 
Hypothesis (Hh: subgrp H). 

Lemma rcoset-refl: Vie, rcoset H x x. 

Lemma rcosetsym: Va; y, rcoset H x y — rcoset H y x. 

Lemma rco set-trans: Va; y, connect (rcoset H) x y — rcoset H x y. 

Lemma rcoset-csym: connecLsym (rcoset H). 

Lemma rcosetl: rcoset H 1 =1 H. 

Lemma carcLrcoset: Mx, card (rcoset H x) = card H. 

Definition rindex:— n_comp (rcoset H). 

Theorem rLaGrange: VK: set G, 

subgrp K — > subset H K — > card H x rindex K — card K. 

Theorem sugrp_divn: VK: set G, 

subgrp K — > subset H K — > card H \ card K. 

Lemma Icoset-refl: Vx, Icoset H x x. 

Lemma Icosetsym: Va; y, Icoset H x y = Icoset H y x. 

Lemma Ico set-trans: Va; y, connect (Icoset H) x y — Icoset H x y. 

Lemma Icoset-csym: connectsym (Icoset H). 

Lemma Icosetl: Icoset H 1 =i H. 

Lemma card-lcoset: Mx, card (Icoset H x) = card H. 

Definition lindex:= n_comp (Icoset H). 

Theorem ILaGrange: VK: set G, 

subgrp K — ► subset H K — > card H x lindex K = card K. 

End LaGrange. 

Section FinPart. 
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Variables (G: finGroup) (H: set G) (a: G). 
Hypothesis Ha: H a. 

Hypothesis Hstable: Vx y, H x — > H y — > H (x x y). 

Lemma heqah: (Icoset H a) =1 H. 

Lemma heqxh: Vx, H x — > (Icoset H x) =1 ii. 

Lemma heqhx: Vx, 77 (rcoset H x) =1 ii. 

Lemma finstbLsbgrpl: H 1. 

Lemma finstbLmulV: Vx, H x — > 77 a; -1 . 

Lemma finstbLsbgrp: subgrp H. 

End FinPart. 

Section i?g. 

Variable G: finGroup. 

Theorem eq_subgroup: Va &: set G, a =i & — > subgrpb a = subgrpb b. 
End 

Section SubProd. 
Variable G: finGroup. 

Section SubProcLsubgrp. 

Variables (ii if: set G). 
Hypothesis h_subgroup: subgrp H. 
Hypothesis k_subgroup: subgrp K. 

Lemma subprocLsbgrp: prod H K =\ prod K H — > subgrp (prod H K). 

Lemma sbgrp_subprod: subgrp (prod H K) — > prorf H K ~\ prod K H. 

End SubProdLsubgrp. 

Variables (Jf if: set G). 
Hypothesis hsubgroup: subgrp H. 
Hypothesis k_subgroup: subgrp K. 

Lemma sbgrphksbgrpkh: subgrpb (prod H K) = subgrpb (prod K H). 
End SubProd. 

Module action 

Section Action. 
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Variable (G: finGroup) (H: set G). 

Hypothesis sgrpJi: subgrp H. 
Variable s: finType. 

Variable to: G — ► (s — > s). 

Hypothesis to_bij: Vr, H x — > bijective (to x). 

Hypothesis to_morph: V(ir y: G) 2, 

H x ^ H y ^ to (x x y) z = to x (to y z). 

Theorem : Mx, to 1 x = x. 

Definition stabiliser a:= setl (fun x => ((to x a) =4 a)) H. 
Definition orbit a:= image (fun z => to z a) H. 

Theorem orbit_to: Va x, H x — > orbit a (to x a). 

Lemma orbit^refl: Va;, orbit x x. 

Lemma orbit_sym: \/x y, orbit x y = orbit y x. 

Lemma orbit_trans: \/x y, connect orbit x y = orbit x y. 

Lemma orbit-csym: connectsym orbit. 

Definition So a:= subset H (stabiliser a). 

Theorem SOP: Va, reflect (orbit a =1 setl a) (So a). 

Theorem stab_l: Va, stabiliser a 1. 

Theorem subgr_stab: Va, subgrp (stabiliser a). 

Theorem subset-stab: Va, subset (stabiliser a) H. 

Theorem orbit_from: Va x (Hx: orbit a x), 

(setl (roots (Icoset (stabiliser a))) H) (root (Icoset (iinvl Hx)). 

Theorem carcLorbit: Va, card (orbit a) = lindex (stabiliser a) H. 

Theorem caraLorbit^div: Va, card (orbit a) | card H. 

Variable n p: nat. 
Hypothesis prime-p: prime p. 
Hypothesis cardJi: card H = p n . 

Theorem mpl: (card s) % p — (card So) % p. 

End Action. 
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Module cyclic 

Section Phi. 

Definition phi n:~ if n is ni + 1 then card (fun x =>■ coprime n (vol x)) else 0. 
Theorem phLmult: Vm n, coprime m n — > p/w (m x n) = p/ii m x p/ii n. 
Theorem phLprime_k: \/p k, prime p — > p/ii p^ +1 = p^ +1 - p^. 
End PM 
Section Cyclic. 
Variable G: finGroup. 

Fixpoint gexpn (a:G) (n: nat) {struct n}: G:= 
if n is n\ + 1 i/ien a x (gexpn a n{) else 1. 

Theorem gexpnO: Va, gexpn a = 1. 

Theorem gexpnl : Va, gexpn a 1 = a. 

Theorem gexpln: Vn, gexpn 1 n = 1. 

Theorem gexpnS: Va n, gexpn a (n + 1)) = a x gexpn a n. 

Theorem gexpnJi: Vn a i/, subgrp H — > _ff a — > _ff (gexpn a n). 

Theorem gexpn^add: Va n m, gexpn a n x gexpn am — gexpn a (n + m). 

Theorem gexpn^mul: Va n m, gexpn (gexpn a n) m = gexpn a (n x m). 

Fixpoint seq_fn (/: G — > G) (n: raaf) (a: G) (L: sea G) {struct n}: seq G:= 
if n is ni + 1 i/ien 

i/ negfe (L a) i/ien seq__fn f n\ (f a) (^4dds a L) efee L eZse L. 

Definition sea_/ / a:= seq__fn f (card G) a (SeqO _). 

Definition q/dic a:= sea_/ (/wn a; => a x a) 1. 

Theorem eyelid: Va, cyclic a 1. 

Theorem cyclicP: Va o, reflect (3 n, gexpn a n =4 b) (cyclic a b). 

Theorem cyclicJi: Va _ff, subgrp H — > _ff a — > subset (cyclic a) If. 

Theorem cyclic_min: Va 0, 

cyclic a b — > 3 m, (m < card (cyclic a)) && (gexpn a m =4 b). 

Theorem cyclicJm: Va m, cyclic a (gexpn a m). 

Theorem subgr_cyclic: Va, subgrp (cyclic a). 

Theorem cyclic-expn_card: Va, gexpn a (card (cyclic a)) =^ 1. 

Theorem cyclic-div-card: Va n, card (cyclic a) | n) = (gexpn a n =4 1). 

Theorem cyclic-div-g: Va, card (cyclic a) \ card G. 
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Module normal 

Section Normal. 

Variables (G: finGroup) (H K: set G). 

Hypothesis sgrp_h: subgrp H. 
Hypothesis sgrpjz: subgrp K. 
Hypothesis subset-hk: subset H K. 

Definition conjsg x y:= H(y x ). 

Theorem conjsgl: Vx, conjsg x 1. 

Theorem conjsig: Vie, conjsg 1 x = H x. 

Theorem conjsg_inv: Vx y, conjsg x y — > conjsg x y^ 1 . 

Theorem conjsg-conj : Vir y z, conjsg (x x y) z = conjsg y (z x ). 

Theorem conjsgsubgrp: Mx, subgrp {conjsg x). 

Theorem conjsg_image: Vy, 

conjsg y =i image (conjg y^ 1 ) H. 

Theorem conjsgJinvl : \fx, 

(conjsg x) =\ H — > (conjsg x~ x ) =i H. 

Theorem conjsg-card: Vx, 
card (conjsg x) = card H. 

Theorem conjsgsubset: Vx, 

subset H (conjsg x) — > (conjsg x) =\ H. 

Theorem lcoseL.root: \/x, Icoset H x (root (Icoset H) x). 

Definition normalb:= subset K (fun x =>■ subset H (conjsg H x)). 

Definition normal: Prop:= normalb. 

Hypothesis normaLk: normal. 

Theorem conjsg_normal: Vx, K x — > conjsg x =i H. 

Definition rootSet:= subFin (setl (roots (Icoset H)) K). 

Theorem card_rootSet: card rootSet = lindex H K. 

Theorem unit-rootsub: 
setl (roots (Icoset H)) K (root (Icoset H) 1). 

Definition unit-root: rootSet. 

Definition mult^root: rootSet — ► rootSet — > rootSet. 
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Definition inv-root: rootSet — > rootSet. 

Theorem unitP-root: Mx, mult-root unit-root x = x. 

Theorem invP_root: Mx, mult-root (inv_root x) x = unit-root. 

Theorem mulP-root: Mx\ x 2 Xs, 

mult-root X\ {mult-root x 2 x 3 ) = mult-root (mult-root X\ x 2 ) X3. 

Definition root-group:= (Group. Finite unitP-root invP-root mulP-root). 

Theorem carcLroot-group: card root-group = lindex H K. 

End Normal. 

Section NormalProp. 

Variables (G: finGroup) (H K: set G). 
Hypothesis sgrpJi: subgrp H. 
Hypothesis sgrp_k: subgrp K. 
Hypothesis subsetJik: subset H K. 
Hypothesis normaLhk: normal H K. 

Theorem normaLsubset: VL, 

subgrp L — ► subset H L — > subset L K — > normal H L. 

Definition RG:= (root^group sgrpJi sgrp_k subsetJik normaLhk). 

Theorem th-quotient: Mx, K x — > 

(setl (roots (leoset H)) K (root (leoset H) x)). 

Definition quotient: G — > RG. 

Theorem quotient-lcoset: Mx, K x — > leoset H x (val (quotient xj). 

Theorem quotientl: Mx, H x — > quotient x = 1. 

Theorem quotient-morph: Mx y, 

K x — > K y — > quotient(x X y) = quotient(x) x quotient(y). 

Theorem quotient-imagesubgrp: ML, 

subset H L — > subset L K — > subgrp L — > subgrp (image quotient L). 

Theorem quotient_preimage_subgrp: ML, 

subgrp L — ► subgrp (setl (preimage quotient L) K). 

Theorem quotient_preimagesubset_h: ML, 

subgrp L — » subset H (setl (preimage quotient L) K). 

Theorem quotient-preimagesubset_k: ML, subset (setl (preimage quotient L) K) K. 

Theorem quotient-index: ML, subset H L — > subset L K — > subgrp L — ► 
lindex H L = card (image quotient L). 
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Theorem quotient-imagejpreimage: VL, 

image quotient (setl (preimage quotient L) K) =\ L. 

End NormalProp. 

Section Normalizer. 

Variables (G: finGroup) (H K: set G). 

Hypothesis sgrp_h: subgrp H. 
Hypothesis sgrp_k: subgrp K. 
Hypothesis subset-hk: subset H K. 

Definition normaliser x:= 

(subset K (fun z (conjsg x z =4 H z))) && K x. 

Theorem normaliser _grp: subgrp normaliser. 

Theorem normaliser_subset: subset normaliser K. 

Theorem subset-normaliser: subset H normaliser. 

Theorem normaliser_normal: normal H normaliser. 

Theorem card_normaliser: 

card (root-group sgrpJi normaliser-grp subset-normaliser 
normaliser -..normal) = lindex H normaliser. 

End Normalizer. 

Section Eq. 

Variables G: finGroup. 

Theorem eq-conjsg: Va b x, a =1 b — > conjsg a x —1 conjsg b x. 
End Eq. 
Section Root. 

Variable (G: finGroup) (H: set G). 

Hypothesis sgrpJi: subgrp H. 

Theorem rootJcosetl: H (root (Icoset H) 1). 

Theorem rooLJcosetd: Va, H (a -1 x root (Icoset H) a). 

End Root. 
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Module left Translation 

Section Left Trans. 

Variable (G: finGroup) (H K L: set G). 

Hypothesis sgrp_k: subgrp K. 
Hypothesis sgrpJ,: subgrp L. 
Hypothesis sgrpJi: subgrp H. 
Hypothesis subsetJik: subset H K. 
Hypothesis subset-Ik: subset L K. 

Definition Itrans: G —> rootSet L K — > rootSet L K. 

Theorem ltrans_bij: \/x, H x — > bijective (Itrans x). 

Theorem ltrans_morph: \fx y z, 

H x — > H y — > Itrans (x x y) z = Itrans x (Itrans y z). 

End Left Trans. 

Module sylow 

Section Cauchy. 

Variable (G: finGroup) (H: set G). 
Hypothesis sgrpJi: subgrp H. 

Variable p: not. 

Hypothesis prime-p: prime p. 

Hypothesis p_divides_h: p \ card H. 

Theorem cauchy: 3 a,H a && card (cyclic a) =4 p. 

End Cauchy. 

Section Sylow. 

Variable (G: finGroup) (K: set G). 
Hypothesis sgrp_k: subgrp K. 

Variable p: nat. 

Hypothesis prime-p: prime p. 

Let n:= dlogn p (card K). 

Hypothesis n_pos: < n. 

Definition sylow L:— (subgrpb L) && (subset L K) && (card L =d p n ). 
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Theorem eqsylow: Va b, a =1 b — > st/ioro a = sy/ow 6. 

Theorem sylow-conjsg: VL\ x, K x — ► syiow Li — > syZow (conjsg L\ x). 

Theorem sylowl_rec: Mi Hi, < i — > i < n — > 
subgrp Hi — » subset Hi K — > card ffi = — > 
3 ff: set G, 

subgrp H A subset Hi H A subset H K A normal Hi H A card H = p 

Theorem sylowl: Vi, < i — > i < n — > 

3 iJ: set G, subgrp H A subset H K A card H = p % . 

Theorem sylowl_cor: 3 77: set G, syioio iJ. 

Theorem sylow2: V-ff L i,0 <i — > i < n — > 
subgrp H — > subset H K — > carrf if = — > sylow L — > 
3 £, (if a;) && subset H (conjsg L x). 

Theorem sylow2-cor: VL\ L2, sylow L\ — > st/Zow L2 — > 
3 £, (if a;) A (L 2 =1 conjsg L\ x). 

Definition syset p:= sy/ow (to/ p). 

Theorem sylowS-div: card syset \ card K. 

End Sylow. 

Section SylowAux. 

Variable (G: finGroup) (H K L: set G). 
Hypothesis sgrp_k: subgrp K. 
Hypothesis sgrp-l: subgrp L. 
Hypothesis sgrpji: subgrp H. 
Hypothesis subsetM: subset H L. 
Hypothesis subset-Ik: subset L K. 

Variable p: nat. 
Hypothesis prime-p: prime p. 
Let n:= dZogn p (card if). 
Hypothesis n_pos: < n. 

Theorem sylow_subset: sylow K p H — > sy/ow L p H. 
End SylowAux. 
Section SylowS. 

Variable (G: finGroup) [K: set G). 
Hypothesis sgrp_k: subgrp K. 

Variable p: naf. 
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Hypothesis prime_p: prime p. 
Let n:= dlogn p (card K). 
Hypothesis n_pos: < n. 

Theorem sylow3-mod: card (syset K p) % p = 1. 
End SylowS. 
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